Related Links

  • Trend Micro USA
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Comment: Simplifying Data Loss Prevention
    Without the right approach, all of the promised advantages of today’s data loss prevention (DLP) products may not be realized says Jared Thorkelson of DLP Experts.
  • Malware rebounds as cause of data loss
    Malware has rebounded to become the biggest cause of data loss in organizations, according to a report from the Computer Security Institute (CSI). Malware infections far exceed the next most common cause - laptop and mobile hardware theft - said the 2009 CSI Computer Crime and Security Survey.
  • Health Net comes under scrutiny for data loss
    Medical insurance firm Health Net is under investigation by at least two Attorney Generals, following a data loss that has exposed up to 1.5 million customer records
  • Lawsuits fly over T-Mobile Sidekick cloud data loss
    T-Mobile has reportedly been hit by two class action lawsuits alleging that the cellular carrier misled consumers into believing that their data was secure after data was lost in the cloud
  • Social Networking - A Risk to Information Security?
    As the popularity of social networking sites continues to mount, it becomes increasingly important to consider the information security risks posed in the context of a wider data loss prevention and reputation management strategy. Cath Everett reports

Top 5 Stories


Data loss is a growing concern of small businesses

05 November 2010

While viruses and trojans continue to be of concern for small businesses, data loss, through malware and data leaks, is a growing worry for small firms, a survey by Trend Micro found.

According to the survey, 63% of small businesses were most concerned by viruses, 60% by trojans, 59% by data-stealing malware, followed, at 56%, by data leaks. Data leaks were defined as the intentional or unintentional disclosure of sensitive information outside the corporate network. Phishing scams and spam were of less concern to small businesses.

For its 2010 Corporate End User Study, Trend Micro surveyed 1600 corporate end users in the US, the UK, Germany, and Japan. The company defined a small business as a business with less than 500 employees in the US, the UK, and Germany, and less than 250 employees in Japan.

While data-stealing malware and data leaks were third and fourth on the survey, they are an increasing concern for small businesses, noted Dal Gemmell, senior global product marketing manager on the Trend Micro small business team. “As you would expect from a survey about security, viruses and trojans were ranked as the number one and number two concerns. But what we found was that these were closely followed by data-stealing malware and data leaks” as small business security concerns, Gemmell told Infosecurity. He said that data is an extremely valuable asset for small businesses, and data protection is key to their competitiveness in the marketplace.

The Trend Micro manager said that the majority of small businesses surveyed do not have data loss prevention policies in place and do not have data loss prevention training for employees. “The concern is that the training and awareness of data loss prevention is lagging”, he said.The survey found that small businesses are 23% less likely to have preventative data leak policies in place than large companies, according to a Trend Micro statement.

The biggest difference was found in Japan where 81% of large companies have data leak prevention policies in place compared to only 47% of small companies. For those businesses that have policies in place, employees in large companies are significantly more likely to have received training on data leak prevention than those in small companies.

Employees in large US companies are significantly more likely to indicate data leaks as a serious threat than those in smaller companies: 74% in large companies, 49% in small companies.

In the UK, 73% of employees from large companies say they are aware of confidential information compared to 63% from small companies. Also worth noting is that in every country, employees in larger companies are significantly more likely to agree that other employees have leaked data from within their organization.

The survey found that the most prevalent forms of IT protection against data stealing malware is installing security software, restricting internet access, and implementing security policies.

Around 21% of small business employees say that their IT departments can do a better job at protecting them on potential risks associated with data-stealing malware. In addition, 35% of employees in small companies indicated that their IT department could have done a better job educating them about data-stealing malware.

To prevent data loss, Gemmell recommended that small businesses train employees about the importance of data, the risks of data loss, and how to prevent it. This training needs to be done periodically to ensure its effectiveness.

Small businesses can also use technical solutions to reduce the risk of data loss. One step they can take is to make sure that their operating systems and applications do not have vulnerabilities or, if vulnerabilities are detected, patching them in a timely manner, he said. This is to prevent data-stealing malware from exploiting these vulnerabilities.

“What we saw in the first half of 2010…is that there were over 2500 common vulnerabilities and exposures that were recorded. There are a lot of vulnerabilities out there and cyber criminals are absolutely taking advantage of them to steal data”, Gemmell said.

Because of their tight IT security budgets, small businesses should look for security products that combine anti-virus, anti-malware, and data loss prevention. Gemmell stressed that the information security products should address the “common leaky points” in small businesses, such as email and USB devices. “Make sure that the product is able to prevent data loss from those leaky points,” he said.

This article is featured in:
Data Loss  •  Security Training and Education


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×